Posted by comp.lang.php on 04/06/06 23:22

I wrote a method that should check if an email address is valid. In
another method I've already checked to see if $_POST['email'] exists
and is well-formed, so those checks are not necessary in this scope.

However, "Step 4" bothers me, and I wonder if others are as bothered as
I am.

[PHP]
/**
* Validate submitted email
*
* @access private
* @see checkdnsrr
* @link
http://www.devshed.com/c/a/PHP/Email-Address-Verification-with-PHP/4/
* @see link regarding use of getmxerr() as a double-check behind
checkdnsrr
* @link http://us2.php.net/manual/en/function.fsockopen.php
* @see link regarding usage of fsockopen() for domain reachability
verification
*/
function &validateEmail() { // STATIC VOID METHOD
global $webmasterEmail;

list($user, $domain) = @explode('@', $_POST['email']);

if ($this->isValid && (!$user || !$domain)) {
$this->isValid = false;
$this->setErrorArray(array('email' => 'No validly formed email
address was found'));
}

// STEP 1: USE checkdnsrr (either built-in UNIX version or
"homegrown" version in client functions.inc.php for Windows)
if ($this->isValid && !checkdnsrr($domain) && !$_ENV['windir'] &&
!$_SERVER['windir']) {
// ONLY PRODUCE AN ERROR IF NOT IN WINDOWS ELSE ALLOW getmxrr() TO
THROW ERROR
$this->isValid = false;
$this->setErrorArray(array('email' => "Domain: \"$domain\" not found
to exist for email address to be valid"));
}

// STEP 2: MAKE SURE $domain IS NOT OUR DOMAIN
if ($this->isValid && strcmp(trim($domain),
preg_replace('/^([w]{3}[a-zA-Z0-9]*)\.?([a-zA-Z0-9\-_\.]+)$/i', '$2',
$_SERVER['SERVER_NAME'])) == 0) {
$this->isValid = false;
$this->setErrorArray(array('email' => "You are not allowed to use
our domain of \"$domain\" for your email address"));
}

// STEP 3: USE getmxrr() BUILT-IN PHP FUNCTION TO DOUBLE-CHECK BEHIND
STEPS 1 AND 2
if ($this->isValid && @!getmxrr($domain, $hostArray)) {
$this->isValid = false;
$this->setErrorArray(array('email' => "Domain: \"$domain\" is not
found to exist for the email address to be valid"));
}

// STEP 4: VERIFY VIA fsockopen() IF YOU CAN EVEN REACH THAT DOMAIN,
MEANING IT'S ACTIVE (COULD ALSO BE DOWN OR UNREACHABLE OR BOGUS)
if ($this->isValid) {
$socketID = @fsockopen($domain, 25, $errno, $error, 15); // LAST
NUMBER IS TIMEOUT FEATURE - TIMEOUT AFTER 15 SECS
if (!$socketID) {
$msg = "There was a problem attempting to connect to \"$domain\": "
.. nl2br($error) .
", please try again or contact our administrator at <a
href=\"mailto:$webmasterEmail\">" .
str_replace('@', ' at ', $webmasterEmail) . '</a>';
$this->isValid = false;
$this->setErrorArray(array('email' => $msg));
}
@fclose($socketID);
}
}
[/PHP}

I keep thinking this could be a potential problem if the remote email
server is down or not on port 25 or is not allowed to be accessed or...

What do others think?

Thanx
Phil

[Back to original message]